[Snort-users] Snort 2.9.0.3 & Phil Wood's modified libpcap

Weir, Jason jason.weir at ...14916...
Tue Feb 8 10:06:17 EST 2011


Good question, Google was not conclusive....

The change file (goes back to 1994) http://www.tcpdump.org/libpcap-changes.txt doesn't mention mmap or ring buffer.

Anyone have definitive proof that the latest libpcap versions have the good stuff included?

-J

> -----Original Message-----
> From: Jason Wallace [mailto:jason.r.wallace at ...11827...] 
> Sent: Tuesday, February 08, 2011 8:56 AM
> To: Weir, Jason
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort 2.9.0.3 & Phil Wood's 
> modified libpcap
> 
> 
> Doesn't libpcap >= 1.0.0 contain a ringbuffer like was used in Phil's
> stuff? I thought folks using Phil's stuff had started to move back to
> the standard libpcap.
> 
> On Tue, Feb 8, 2011 at 8:36 AM, Weir, Jason 
> <jason.weir at ...14916...> wrote:
> > Running into problems - seems DAQ needs libpcap version greater than
> > 1.0.0
> >
> > ./configure on daq gives me this
> >
> > ERROR!  Libpcap library version >= 1.0.0  not found.
> >
> > Unfortunately Phil's libpcap version is 0.9.8
> >
> > Any way around this?
> >
> > Jason

